ADR-019: Infrastructure-as-Code Strategy
Adopt Terraform + hybrid repo structure (new sv0-infrastructure for cross-cutting, existing in-repo modules stay) + Terraform Cloud free tier for state and runners. Design modules so each customer tenant can be stamped out as an independent stack for dedicated-deployment clients.
ADR-022: Azure Compute Landing Zone
Lock the Azure compute landing zone for sv0-platform: westeurope, IaaS primitives only, Cloudflare Tunnel ingress (no public IPs / no Azure LB), HA prod fleet across two zones, ephemeral per-PR VMs, OIDC-federated TF auth, and a cloud-portability rule set that keeps the design migratable to AWS/GCP.
AWS Organization
AWS Organization structure, account inventory, and Terraform conventions for SecurityV0.
Azure VM Landing Zone — Implementation Plan
Implementation plan for ADR-022: current Hetzner inventory, target Azure topology, five-phase migration sequencing, secrets delivery via Key Vault + Managed Identity, and the executable break-glass procedure for the case where TFC is unreachable.
Dev Environment Automation Proposal
Proposal for automating source system provisioning across Azure, AWS, GCP, and ServiceNow using Terraform modules for cloud identity and per-connector Python setup scripts for SaaS configuration.
IaC Drift and Emergency Changes
How to handle Terraform drift, when dashboard changes are allowed, and how to reconcile them back into IaC. Companion to ADR-019.
IaC Rollout Plan
Phased rollout of Infrastructure-as-Code per ADR-019. Four phases, each 1-3 days. Phase 1 is urgent (Cloudflare baseline with health-probe Bypass app); Phases 2-4 queue behind pilot-readiness work.
Infrastructure
Infrastructure automation for SecurityV0 — dev environment provisioning, cloud identity setup, and source system configuration.